On 4/3/06, Surachai Locharoen <[EMAIL PROTECTED]> wrote: > Is there any body guarantee debian security. I want to install debian as > my server instead of redhat as3 server which just attack by Phishing. > > Kan
As stated already, this sort of problem usually comes about because of some insecure PHP or CGI script or script suite rather than through the underlying OS's security, so Debian isn't going to offer you more security than Redhat in that sense. The best defense against this sort of attack is to a) understand everything you install, how it works, how to spot when it's not working, how to interpret the logs it generates, etc, and/or b) hire someone trustworthy who is skilled to understand it for you (which can include using hosted services). It's not enough to install a script and leave it be forever. You have to upgrade them immediately after a new version comes out, or at least shut off the old version while you review your options. It's a real pain having to maintain a busy server online, which is why b) can be a great option.